[Swan] Usage of firewall marks by KLIPS/OpenSwan/Libreswan

Lawrence Manning lawrence.manning at smoothwall.net
Tue Feb 3 19:33:38 EET 2015


Hi there,

We are currently (still) using openswan, but will shortly be migrating over
to libreswan. I suspect this question is generic and relevant to both, so
I'm sending it to this list.

We make use of firewall marks quite extensively, more so as time has gone
by, and now we have issues whereby KLIPS is asserting its own marks. This
is proving to be a real problem, since marks are used for critical things
like policy routing etc.

1. What functionality does the usage of these marks give KLIPS?
2. If it is minor, is it possible to disable this functionality either at
configure time or compile time?
3. I notice that there is a kernel patch:
(0001-SAREF-add-support-for-SA-selection-through-sendmsg.patch) which
appears to move the usage of marks to a dedicated field in the sockbuf. Is
applying this patch to our kernel tree, enabling the new option and
rebuilding swan/klips enough to stop KLIPS from using firewall marks?

Thanks!

-- 

Lawrence Manning
Founder & Developer

*smoothwall*
lawrence.manning at smoothwall.com
www.smoothwall.com

Head Office : 1 John Charles Way, Leeds, LS12 6QA, United Kingdom
Tech Office : Eagle Point, Litte Park Farm Road, Fareham, PO15 5TD, United
Kingdom
US Office : 8008 Corporate Center Dr #410, Charlotte, NC 28226, United
States

Telephone: UK: +44 870-199-9500 US: +1 800-959-3760

